Home

/

Blog

/

News

AI Agent Security Takes RSAC 2026

Lara Iglesias

Apr 6, 2026

TL;DR

RSAC 2026 highlights a structural shift in cybersecurity as AI agents move into production. The focus is moving from model risks to runtime control, data exposure, and governance of autonomous systems.

RSAC 2026 Marks the Operationalization of AI Risk

RSAC 2026 makes one thing clear: AI risk is no longer theoretical. Across the conference, discussions have moved beyond experimentation and into the realities of deployment. AI systems are no longer isolated copilots assisting users at the edge. They are being embedded directly into enterprise infrastructure, where they interact with APIs, query internal data, and execute multi-step workflows.

This shift changes the nature of cybersecurity. The challenge is no longer just protecting systems from external attackers, but managing systems that can independently take actions within trusted environments. AI agents operate with a level of autonomy that introduces new forms of risk, particularly when their decisions are based on dynamic context, incomplete information, or evolving objectives.


Agent Behavior Becomes the New Attack Surface

One of the most important themes emerging from RSAC is that the attack surface is expanding from code and infrastructure to behavior. Traditional security models assume that systems follow predefined logic, making it possible to define clear boundaries and enforce controls at specific points.

AI agents break this assumption. Their behavior is shaped by prompts, retrieved data, memory, and interactions with external tools. This means that risk does not only come from vulnerabilities in code, but from how an agent interprets instructions, what it chooses to do, and how it sequences actions over time.

As a result, security teams are beginning to treat agent behavior itself as something that must be monitored, constrained, and audited. This represents a shift from static security controls to dynamic oversight of decision-making processes.

Why Runtime Security Is Becoming Essential

A consistent message across RSAC 2026 is that pre-deployment validation is no longer enough. Testing models in controlled environments does not fully capture how they will behave once deployed, where they interact with real data, real users, and real systems.

Runtime security addresses this gap by focusing on what happens after deployment. It introduces continuous visibility into agent activity, allowing organizations to observe how decisions are made, what data is accessed, and how tools are used in practice. More importantly, it enables intervention. When an agent attempts to access sensitive data in an unexpected context or executes an unusual sequence of actions, controls can be applied in real time.

This approach acknowledges that AI risk is not static. It evolves with usage, context, and system integration, which makes continuous monitoring a requirement rather than an option.

Data Exposure Becomes a System-Level Risk

Data security emerges at RSAC not as a secondary concern, but as a central challenge in AI deployment. Unlike traditional systems, where data exposure is often tied to explicit breaches or misconfigurations, AI systems can expose data through normal operation.

An agent may retrieve sensitive information because it appears relevant to a query, combine data from multiple sources in unintended ways, or retain information in memory beyond its expected scope. These behaviors are not necessarily malicious, but they can still result in significant security and compliance issues.

What makes this particularly complex is that data exposure is often indirect. It may occur through generated responses, intermediate reasoning steps, or interactions between components such as retrieval systems and memory layers. This requires organizations to think about data security not just in terms of storage and access, but in terms of how data flows through the entire AI lifecycle.

From Access Control to Contextual Authorization

Another shift highlighted at RSAC is the limitation of traditional access control models in AI environments. Granting or restricting access based on static roles is not sufficient when agents operate across multiple systems and contexts.

Instead, organizations are beginning to adopt more contextual approaches to authorization. Access decisions are increasingly based on factors such as the task being performed, the data being requested, and the sequence of actions leading to that request. This allows for more precise control over how agents interact with sensitive systems, reducing the risk of misuse without limiting functionality.

This shift reflects a broader understanding that in AI systems, intent and context matter as much as identity.

Governance as a Security Layer

As AI capabilities expand, governance is becoming a critical component of security strategy. RSAC 2026 highlights the need for organizations to define clear rules around how AI agents operate, what actions they are allowed to take, and how those actions are monitored and reviewed.

Governance in this context is not just about compliance. It is about creating a framework that ensures AI systems behave in predictable and aligned ways. This includes maintaining audit trails of agent activity, establishing policies for tool usage, and ensuring that critical decisions remain observable and, when necessary, reversible.

Without this layer of governance, organizations risk deploying systems that are powerful but difficult to control.

Why RSAC 2026 Matters

RSAC has always been an indicator of where cybersecurity is heading, and this year reflects a clear transition. AI is no longer being discussed as an emerging technology, but as an operational layer that must be secured with the same rigor as any other part of the enterprise stack.

The focus is shifting from building AI capabilities to managing their consequences. This includes understanding how autonomous systems behave, how they interact with data, and how they can be governed at scale.

What Comes Next

The discussions at RSAC 2026 suggest that the next phase of AI adoption will be defined not by capability, but by control. Organizations that can combine functionality with visibility and governance will be able to deploy AI systems with confidence.

Those that cannot may find themselves facing risks that are difficult to detect and even harder to contain. As AI agents become more deeply integrated into enterprise environments, security will depend less on preventing access and more on shaping behavior.

AI agents are not just adding complexity to cybersecurity. They are redefining its scope.



Related Posts

View All

News

Inside the McKinsey AI Chatbot Hack: How an Autonomous Agent Gained Read-Write Access

Mar 23, 2026

News

MWC 2026 Highlights the Rise of AI Agent Security in Enterprise AI

Mar 6, 2026

News

Moltbook: the AI-Only Social Network and its risks

Feb 11, 2026

More Article by Lara Iglesias

View All

AI Agents Security

What the 2026 OWASP’s GenAI Data Security Guide Means for Enterprise AI Security

Apr 6, 2026

AI Agents Security

The Hidden Risk of Alignment Faking in Enterprise Systems

Mar 23, 2026

News

Inside the McKinsey AI Chatbot Hack: How an Autonomous Agent Gained Read-Write Access

Mar 23, 2026

Explore Topics

AI Agents Security

MCP Security

Benchmarks

News

Sponsor

Sponsor